6452 matches found
CVE-2026-40942
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-49202
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-10868
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...
CVE-2026-40600
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
PT-2026-46956
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2020-25900
Affected software: HelloTalk (up to version 3.4.1). Vulnerability summary: The app stores full‑precision GPS coordinates even when a user intends to share only a country or city, and these coordinates are placed into a client‑side database that is stored on other users’ devices. The client databa...
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...
CVE-2026-49202 Unverified Meeting Recording Endpoints & Permissive CORS
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-49202
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-49202
Technical details are not publicly available in the provided documents; monitor for updates.
PT-2026-46153
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
PT-2026-46881
Name of the Vulnerable Software and Affected Versions Nhost CLI affected versions not specified Description The hidden configserver used by nhost dev exposes the Mimir GraphQL API with permissive CORS and dummy authorization directives. This allows any process capable of reaching the developer's...
PT-2026-46390
Name of the Vulnerable Software and Affected Versions IRIS versions prior to 2.4.28 Description IRIS is a web collaborative platform designed for incident responders to share technical details during investigations. The software is susceptible to a cross-site request forgery attack, which occurs...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has a security vulnerability, which...
PT-2026-46226
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A URL validation flaw in the dashboard button widget allows a crafted relative-looking URL to be accepted as a local path while browsers interpret it as an external URL. The validation process...